Submission Text
Like most buggy video games from the '90s, Paper Mario has some bugs that cause BSODs. This TAS demonstrates one of these bugs. Enjoy :)

CasualPokePlayer: Replacing movie file as requested in DMs.

feos: Congrats on finding and pulling this off!
Unfortunately we can't publish this or even send it to Playground, because it abuses an emulation bug that is actually dangerous to users. A movie that escapes the sandbox and executes arbitrary code on the host can do really nasty things without the user having any idea. I didn't even dare run this on my actual OS; I created a Win10 VM, and it did give a BSOD indeed.
Now while I don't suspect the authors of installing viruses on my machine with this movie, if we open the doors for this kind of content, at some point someone may do that, and not everyone is conscious enough to only run it on a virtual machine. We can't risk damaging our users' computers.
Rejecting.


TASVideoAgent
They/Them
Moderator
Joined: 8/3/2004
Posts: 15579
Location: 127.0.0.1
Patashu
He/Him
Joined: 10/2/2005
Posts: 4043
Yeah I think everyone who ever played Paper Mario ran into this bug, lol YES VOTE
My Chiptune music, made in Famitracker: http://soundcloud.com/patashu My twitch. I stream mostly shmups & rhythm games http://twitch.tv/patashu My youtube, again shmups and rhythm games and misc stuff: http://youtube.com/user/patashu
Joined: 7/3/2021
Posts: 7
Location: China
Computer verified Link to video
Editor, Expert player (2073)
Joined: 6/15/2005
Posts: 3282
Wait, the TAS actually crashes the (Windows) system? The BSOD wasn't fake like I first thought? That must raise a lot of questions...
Joined: 1/9/2023
Posts: 26
Location: Quebec Province
According to the error code and some googling, it apparently means that the application was unable to start properly, whatever that means in that context.
Patashu
He/Him
Joined: 10/2/2005
Posts: 4043
... what
Joined: 9/18/2006
Posts: 21
Location: Philadelphia, PA, USA
Don't tell me you found a sandbox escape for Bizhawk...
To re-imagine every obstacle as just means of honing craft and learn to laugh at failure's funny dream.
Editor, Player (175)
Joined: 4/7/2015
Posts: 331
Location: Porto Alegre, RS, Brazil
I will never step on tree roots again...
Games are basically math with a visual representation of this math, that's why I make the scripts, to re-see games as math. My things: YouTube, GitHub, Pastebin, Twitter
Alyosha
He/Him
Editor, Emulator Coder, Expert player (3822)
Joined: 11/30/2014
Posts: 2831
Location: US
So what exactly is happening here? Mupen memory management bug?
Editor, Expert player (2073)
Joined: 6/15/2005
Posts: 3282
In my (non-expert) opinion, the Windows crash seems to be caused by a vulnerability in one of the Mupen64plus N64 plugins that BizHawk uses. More evidence that plugins are bad, I guess. Fortunately most cores don't have to resort to plugins, so I think the other cores are safe. Just Mupen64plus + plugins that's the problem here.
Joined: 7/3/2021
Posts: 7
Location: China
Alyosha wrote:
So what exactly is happening here? Mupen memory management bug?
devwizard — 2024/04/03 12:37:
it turns out that several things don't do bounds checks and so i can access some memory that i'm not really supposed to be able to access through many layers of manipulating the emulator i can get it to run my own x86-64 payload (which just calls NtRaiseHardError)
Original message: https://discord.com/channels/280806848909541376/280806848909541376/1224940725003747400
Alyosha
He/Him
Editor, Emulator Coder, Expert player (3822)
Joined: 11/30/2014
Posts: 2831
Location: US
CHN_96_STUDIO wrote:
Alyosha wrote:
So what exactly is happening here? Mupen memory management bug?
devwizard — 2024/04/03 12:37:
it turns out that several things don't do bounds checks and so i can access some memory that i'm not really supposed to be able to access through many layers of manipulating the emulator i can get it to run my own x86-64 payload (which just calls NtRaiseHardError)
Original message: https://discord.com/channels/280806848909541376/280806848909541376/1224940725003747400
Neat, I hope the details get posted, would be an interesting read.
TASVideosGrue
They/Them
Joined: 10/1/2008
Posts: 2785
Location: The dark corners of the TASVideos server
om, nom, nom... minty!